Since PayPal’s launch more than 20 years ago, the peer-to-peer and digital-cash service industry has seen exponential growth, and with it, exponential amounts of fraud.
An estimated 70% of Americans use peer-to-peer and digital-cash services, and many turned to these products during the pandemic. However, in just the first four months of the pandemic, an estimated $13.4 million was lost to scammers across these platforms.
Regardless of payment evolution, wherever there is money, there will be theft. But there is an opportunity for the industry to fundamentally address fraud without sacrificing consumer convenience—by combating its own competitive instincts and collaborating on standard risk practices.
Peer-to-peer apps and digital-cash services allow consumers to send funds quickly, which is an appealing option when compared to other bank-transaction options that can sometimes take longer. However, quick transfers give digital-cash service providers a smaller window to review and stop the movement of funds if something is amiss.
During the industry’s infancy, these services successfully managed fraud when their strategy included upfront controls. For example, a cardholder would typically authorize the use of an external financial institution through micro-deposits or by verifying external login credentials. Once the digital cash service was linked to the account, a strong upfront handshake confirmed the user was approved to access the funds.
But this validation process proved cumbersome and inconvenient to the consumer, creating incentives, and competitive opportunities, to eliminate those crucial but burdensome steps. Today, consumers expect to sign up for a service within a few minutes. Similarly, when transferring money, the consumer now demands the ease of sending funds in a single session, including verification and validation.
This leaves little room for upfront validation practices and provides a greater opportunity for fraudsters, since the fewer the barriers for the consumer, the fewer the barriers for the bad actors.
So how do we solve the tension between convenience and risk? Ideally, by blending convenience and security in a way that makes sense for good users while also building enough hurdles for the dishonest ones. This should include active controls like consumer text verification, as well as passive controls that users don’t see, like real-time transaction monitoring for suspicious behavior.
Unfortunately, risk controls are not uniform across the industry. That leaves opportunities for fraudsters to find low-hurdle ways to exit funds from traditional financial institutions using digital cash services and peer-to-peer apps.
Traditional financial institutions have been under pressure to transform their legacy systems digitally. Bank-backed money-transfer services do offer a secure ecosystem because financial institutions are committed to standard best practices and working with one another. If a user stays within the bank-backed money-transfer service, financial institutions can maintain a line of sight on a cardholder’s data.
However, competition in the industry is steep, and a key differentiator for the consumer is ease of services, not cardholder data security.
The pandemic’s onset also threw consumer demand into overdrive when federal and state governments stepped in to offer trillions of dollars in financial aid, requiring banks to conduct a complete digital transformation overnight. Platforms that were never designed to support massive data inputs or manage real-time identity-theft issues were quickly overloaded. According to reports, these vulnerabilities allowed scammers to siphon off more than $40 billion in pandemic relief funds.
Still, once money flows into accounts, it must remain safe and secure even if a consumer chooses a digital peer-to-peer app over a bank-backed money-transfer service. As issuers of stimulus benefits, unemployment insurance, and tax refunds, banks should understand the time is now to evolve controls around these third-party platforms to keep fraudsters from using these services to liquidate consumer accounts.
While there is no cure-all solution, the industry needs to find a way to agree on a set of uniform controls to combat fraud. Product differentiation and industry competition are not going anywhere, and neither are consumers’ demands around greater ease of services and convenience. However, it is time for traditional financial institutions, peer-to-peer apps, and digital-cash service providers to agree on a set of risk-control standards—more specifically, standards around verification and validation of a user.
The industry has successfully combated fraud in the past. It can do a better job going forward by collaborating when it comes to securely verifying an external account. Fraudsters are going to identify the weakest link in the chain, over and over again. And robust security risk controls are hard to accomplish alone. Still, as an industry, we can create a wholly secure ecosystem grounded in industry collaboration. We can then begin to holistically address the complex tension between security and consumer demands without sacrificing innovation.
—Neil Gilbert is vice president of risk, Netspend, Austin, Texas.